Riverbed gear to optimise SSL

Riverbed Technology is adding SSL support to its Steelhead WAN optimisation gear, making it possible to accelerate a potentially large volume of network traffic that it couldn't get at before.

By Tim Greene, Network World | Mar 02, 2007 | IDG News Service

With an upgrade of Riverbed's RiOS software, the Steelhead appliances terminate SSL sessions, optimize the traffic, then re-encrypt the traffic as SSL. Before, the devices did not terminate SSL sessions so they could not access the payload to optimize it, the company said.

"There's a lot of encrypted traffic out there," said Zeus Kerravala, an analyst with the Yankee Group, and it is increasing. Since traffic is encrypted because it is considered important, not optimizing it could slow down a business's most important transactions, he said.

As SSL traffic increases, the accelerating effects that WAN optimization gear has will decrease unless the equipment can proxy SSL sessions and optimize the traffic, Kerravala said.

Riverbed said it protects SSL keys and certificates that reside within servers by ensuring they don't leave the data centre. The certificates and keys are transferred to a Steelhead appliance in the data centre, and it intercepts SSL requests headed for the servers. It then establishes SSL sessions with another Steelhead appliance across the WAN using temporary session keys. The two Steelhead devices talk to each other, the data centre-side Steelhead device talks to the servers and the remote appliance talks to client machines trying to access the servers.

Also with the RiOS 4.0 software upgrade, Steelhead appliances improve the performance of HTTP traffic by more efficiently retrieving the objects that make up web pages that have been requested before. When a page has been requested through a Steelhead appliance, it stores what objects are needed to build the page. On subsequent requests for the same page, the device asks for groups of objects all at once rather than one after another, saving the time it takes to gather all the necessary objects. This works for HTTP/S traffic as well.

Riverbed claims this boosts the speed of HTTP traffic between seven and 20 times more than the RiOS 3.0 software did.

RiOS 4.0 introduces a technology called Maximum Speed TCP, or MX-TCP, which can ensure that large bandwidth WAN links and links transferring large amounts of data are used efficiently. Standard TCP builds slowly up to maximum speed, drops off when it encounters congestion, then builds up slowly again, making maximum use of bandwidth difficult.

MX-TCP uses Steelhead QoS capabilities to dedicate a guaranteed amount of bandwidth to certain traffic. The devices start sending at that maximum bandwidth immediately, rather than building up to it gradually as standard TCP does. The Steelhead appliances also manage the traffic going over the dedicated bandwidth and work in retransmissions of lost packets, the company said.

Riverbed customer Wright-Pierce, an engineering firm based in Topsham, Maine, uses QoS upgrades in RiOS 4.0 to limit bandwidth available for sending particularly large files from certain servers. Large aerial colour photos, for example, could clog up the T-1 line between headquarters and a branch, making it difficult to do any other business over the link until the photo passed, according to Ray Sirois, the firm's IT manager.

The QoS mechanism can limit bandwidth per IP address, he said. "I could do this with QoS on my Cisco routers, but it's just much more complicated," he said.